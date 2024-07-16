Key Takeaways The FBI most likely got into Crooks' phone using an exploit from one of the companies that hold onto 0-day vulnerabilities rather than reporting them.

Tools like Cellebrite's extraction kits and Grayshift's GrayKey can bypass smartphone security measures, often within hours.

Phone security is strong, but law enforcement can still gain access in future cases by turning to exploit vendors.

Following the attempted assassination of former U.S. President Donald Trump, several U.S. agencies are investigating the motivations behind Thomas Matthew Crooks’ actions. A key piece of evidence is his smartphone, since it can hold private conversations, notes, and other data that might help law enforcement agencies understand his motives. A couple of days after the shooting, the FBI said that it had gained access to the phone. Given the protections built into modern smartphones, how did it manage that?

With all modern Android smartphones and iPhones shipping with full-device encryption, eagle-eyed tech fans quickly pointed out that the bureau must have access to tools that can break into smartphones, and that the manufacturers of those smartphones would not be happy about how those tools work. Little is known about the device so far, but the FBI said in a statement that its technical specialists "successfully gained access to Thomas Matthew Crooks’ phone, and they continue to analyze his electronic devices." Assuming it is a recent device running a current OS with its security features enabled, getting in is a significant feat.

How did the FBI break into Thomas Matthew Crooks' phone?

There are companies out there holding onto 0-days

First and foremost, it’s important to understand what a 0-day vulnerability is. A 0-day vulnerability, often referred to simply as a “zero-day,” is a security flaw in software that is unknown to the vendor or developer, or for which no patch yet exists. The name comes from the fact that the developer has had “zero days” to address and patch the flaw before attackers can exploit it. On Android phones and iPhones, these vulnerabilities are especially concerning because of the personal and sensitive nature of the data stored on the devices. In practice, forensic extraction tools also lean heavily on "n-day" bugs: flaws the vendor has already fixed but which remain exploitable on any handset that has not installed the update, which is why the exact device model and OS version matter so much to whether a phone can be unlocked.

In the context of the recent incident, where the FBI gained access to a particular smartphone, it is quite possible that the bureau enlisted the help of a company that possesses exploits affecting the device used by the shooter. There is precedent. In 2016, the FBI went to court to compel Apple to create software that would let it bypass the passcode protections on the iPhone of the San Bernardino shooter, and publicly criticized Apple for refusing. The day before the hearing, the FBI withdrew its request, saying that a third party had helped it unlock the phone, and shortly afterwards it confirmed that it had accessed the smartphone without Apple's assistance.

There are a number of companies capable of exploiting these smartphones. Google and Apple both run bug bounty programs that pay substantial rewards for reports of serious vulnerabilities, but the truth of the matter is that these companies can make far more money by withholding those bugs and instead using them to help out law enforcement agencies, and potentially malicious clients too.

Case in point, NSO Group is an Israeli-based cyber-intelligence firm that developed the spyware known as "Pegasus." NSO marketed the software as a tool for fighting crime and terrorism, but it was reported that multiple governments (potentially including some branches of the United States government) had used it to surveil political opponents, journalists, and human rights activists. The spyware itself is not something Apple can patch; what gets patched are the exploits it uses to get onto a phone. The zero-click iMessage chain exposed around the time of the 2021 Pegasus Project report (dubbed FORCEDENTRY) was fixed in September 2021, and a fresh zero-click chain (BLASTPASS) was patched in September 2023 after Pegasus had been updated to use a different exploit. There is an entire industry built around getting into phones and spying on them, so it is unsurprising that the FBI managed to enlist help to break into whatever device this is.

Who could the FBI have turned to?

There are a few options

According to Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, who spoke with The Verge, it is very likely that the FBI used a device from Cellebrite. Cellebrite is another Israeli-based company that sells mobile extraction tools to law enforcement, and the FBI is also believed to have its own in-house tools that it has either purchased from other companies, borrowed from other branches of government, or developed itself.

As another example, GrayKey, made by Grayshift (now part of Magnet Forensics), is a forensic extraction device that is said to be capable of accessing the Samsung Galaxy S24 series, iPhones on iOS 17, and the Google Pixel 6 and Google Pixel 7. It's a tool that the company says can "provide same-day access to the latest iOS and Android devices – often in under one hour." Smartphone manufacturers do not condone these tools, and when the exploits enabling them are found, they are swiftly patched. That is why the capability lists for such tools are tied to specific OS versions, and why investigators routinely isolate a seized phone from all networks (airplane mode or a Faraday bag) so that it can neither install an update nor be wiped remotely before extraction.

As a result, while the details of how the FBI accessed Crooks’ phone remain unknown, it likely used an exploit from a company specializing in bypassing smartphone security measures. One detail worth knowing is that these tools generally do far better against a phone that has been unlocked at least once since it was powered on (the "after first unlock" state, in which many of the data-protection keys are still held in memory) than against one that is powered off or freshly rebooted. The security on these phones is sufficient to protect the average person, and a long, non-trivial passcode on a powered-off device remains the strongest defence an owner has, but if law enforcement gets hold of your device, it will likely find a way in eventually.

We don’t yet know the specifics of how the FBI accessed Crooks’ phone, but we may learn more if the bureau shares additional details in the future. In the San Bernardino case, once the FBI finally got into the shooter's phone, it found nothing that shed further light on motive or intent, as the device was merely a work phone. That could well be the case here too, though we’ll have to wait to learn more.